The threat of cybercrime to British businesses is very real – and increasing all the time. This is one subject you shouldn’t ignore…

British businesses lost almost £30 billion due to cybercrime in 2016*. And nearly half fell victim to some kind of cybercrime, whether that was phishing, hacking, denial of service attacks or viruses.

If you are unaware of the damage cybercrime can do – just think back to May, when the NHS was subject to a ransomware attack, which brought down systems around the country, resulting in chaos and cancelled operations.

Is your data safe from hackers?

As hackers increasingly exploit human vulnerability, what can HR do to fight back? Protecting against cyber assaults is a more complex issue than just throwing money into better software and training your IT department. Read People Management’s new report [CIPD: Cybersecurity is too important to be left to the IT department 27/06/2017] to find out about the vital role HR has to play in educating employees and addressing organisational vulnerabilities.

People Management’s report reveals that 46% of UK employees spent half an hour or less on cyber security training in 2016, with 27% having done none at all. A new attitude towards training is clearly needed and Peter Cheese, CIPD Chief Executive, believes the trick to delivering effective cyber security training is to show how cybercrime could affect staff in their personal lives.

Take this free e-learning module [CIPD: Cyber Security for HR Professionals] on cyber security for HR professionals, to learn how to protect yourself and your organisation.

Speaking recently at an event with the Financial Times, Peter Cheese said that lifelong learning will be vital to future sustainability in a world where ‘data is the new electricity’.

So, it’s vital that companies are protected – and it is not just down to the IT department, HR has a role to play too.

HR’s role in cybercrime

The HR role is to educate employees, after all that is your strength. IT staff may know all the ins and out of cybersecurity, but it is the HR staff who have the skills to pass that knowledge on to the staff. And at present, according to Government research, only 17% of businesses are training their staff to be aware of cyber security.

It is obvious that that figure needs to change – and fast. This has to be a culture change within the organisation: you need to make sure employees buy in to the very real threat that cybercrime can pose to the company. They need to be aware, for instance, that you can’t just use random USB sticks in company computers without knowing what’s on them and where they come from.

And it’s not just in-house staff that need to be part of the culture change – freelancers and contractors need to be brought on board and made aware of the risks and the protocol to follow within your organisation.

When it comes to your training methods, if you can make it fun and engaging, you’ll be halfway to winning the battle. For consultancy firm PwC, the answer was to introduce a digital game called Game of Threats, which mimics a cyber-attack on an organisation.

And at the end of the day, companies also need people who are experts in the matter. HR has a role to play in ensuring that IT staff or consultants with specialist knowledge in this area are brought on board and are up to speed with the varying threats from cybercrime, as well as having the tools to tackle it.

If you would like to discuss this subject further and how it may affect your business, please contact Cecily Lalloo at Embrace HR.

Based in Aylesbury, Buckinghamshire, Embrace HR Limited supports business owners who do not have their own HR department or those that do but need help from time to time. We also work across the Home Counties of Oxfordshire, Bedfordshire and Hertfordshire, and also SMEs based in London.

*Data from a report by Beaming [Beaming Ltd: Cyber security breaches cost British Businesses almost £30 billion in 2016 01/03/2017]